Senior Application Security Engineer

Summary

Join CoreWeave's Cyber Security Organization as a Senior Application Security Engineer. You will provide security consultations, conduct threat modeling and code reviews, lead security audits, and address novel security challenges. This role requires a Bachelor's degree, 5+ years of application security experience, and strong knowledge of security protocols and vulnerabilities. Preferred qualifications include relevant certifications and experience with specific security tools. CoreWeave offers competitive compensation ($175,000-$210,000), comprehensive benefits (including 100% paid medical, dental, and vision), and a hybrid work environment with flexibility for remote work.

Requirements

• Be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before
• Bachelor’s degree in Computer Science or related field or equivalent experience
• Minimum 5 years of Application Security engineering experience and vulnerability testing
• Strong knowledge of authorization, authentication and encryption protocols and use cases
• Experience working with development team(s) that have delivered commercial software or software-based services
• Knowledge of threat modeling or other risk identification techniques
• Knowledge of system security vulnerabilities and remediation techniques including familiarity with common attack patterns and exploitation techniques (OWASP)
• Scripting skills (e.g., Perl, Python shell scripting)
• Knowledge of network and related web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection
• Familiarity with common attack patterns, exploitation techniques, and standard Security Assessment and Penetration Testing tools such as BurpSuite, Metasploit, and IDA Pro
• Proficiency of common security vulnerabilities and the ability to identify these vulnerabilities using SAST and DAST tools
• Proficiency in Security Engineering and Assurance methodologies e.g., fuzzing, static and dynamic code analysis
• Understanding of secure coding principles and practices and ability to review code for potential security issues
• Experience with Kubernetes and related security measures, extensive experience with Linux OS environments
• Strong technical background with a critical thinking mindset, excellent interpersonal, verbal, and written communication skills
• Applicants must have work authorization that does not require sponsorship from the company now or in the future

Responsibilities

• Provide security consultations with engineering peers
• Architecture reviews of new and existing code changes/additions
• Conduct full and complete threat models in part of the permit process
• Configure and own automated code reviews
• Own the manual code review process
• On-going Security Testing
• Risk documentation, remediation verification, and retest validation
• Engage in the review of full tech-stack solutions, understanding architecture, creating threat models, performing both automated and manual code reviews, and conducting security testing
• Lead security audits, risk analysis, vulnerability testing, and security reviews across all elements of the project's software systems
• Address challenging, novel situations daily, collaborating with multiple technical teams within and outside CoreWeave
• Conduct Security Consults, Incident Response Plan Reviews, and Risk Documentation and Remediation Verification
• Configure, troubleshoot and maintain security infrastructure software and hardware
• Continuously analyze security systems for improvements, install monitoring software for security breaches and intrusions, and set up preventive measures
• Report possible threats or software issues, test company software, firmware, firewalls, and infrastructure setups
• Research weaknesses and devise countermeasures, finding cost-effective solutions to cybersecurity challenges
• Develop and improve security standards and best practices for the organization, educating and training staff on information system security best practices
• Assist employees with cybersecurity, software, hardware, or IT needs, providing solutions to complex issues in a fast-paced environment

Preferred Qualifications

• Certifications such as Sec+, Net+, OSCP or other relevant industry certifications
• Experience with CrowdStrike, Synk, Rapid 7 Appsec, OSINT, Threat Intelligence
• Experience in DevSecOps and integrating security into CI/CD pipelines can be a plus

Benefits

• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption
• Hybrid work environment with flexibility for remote work